WHAT IS CLAIMED IS: 

1. A system for securely transmitting Real Time Protocol voice packets
during a communication session with a remote multimedia terminal adapter over an Internet
protocol network, the system comprising:

a local multimedia terminal adapter receiving the voice packets, the local
multimedia terminal adapter comprising,

a local key stream generator for generating a first key stream;

a packet encryptor that encrypts the voice packets using at least a
portion of the first key stream to form encrypted voice packets;

the remote multimedia terminal adapter receiving the encrypted voice
packets, the remote multimedia terminal adapter further comprising,

a remote key stream generator for generating the first key stream in
order to decrypt the encrypted voice packets; and

a packet decryptor decrypting the encrypted voice packets using the
first key stream, wherein both key stream generators are capable of generating a second key
stream to prevent reuse of any portion of the first key stream during the communication
session.

2. The system of claim 1 wherein the second key stream is generated
when the system wishes to switch from a first to a second coder/decoder for
compression/decompression of the voice packets.

3. The system of claim 1 wherein the second key stream is generated
when a Message Authentication Code algorithm change occurs.

4. The system of claim 1 further comprising a local gateway controller
for forwarding the encrypted packets through the Internet protocol network.

5. The system of claim 1 further comprising a remote gateway controller
for receiving the encrypted packets from the Internet protocol network and for forwarding
encrypted voice packets to the remote multimedia terminal adapter.

6. A system for communicating Real Time Protocol voice packets
between a local and a remote location over an Internet protocol network, the system 
comprising: 

a stream cipher module for encrypting the voice packets; and 
a key stream generator for generating a first Real Time Protocol key stream, 
the stream cipher module employing the first key stream to encrypt the voice packets for 
forwarding to the remote location, the key stream generator producing a second Real Time 
Protocol key stream for encrypting the voice packets when the system wishes to switch from 
a first communication parameter to a second communication parameter, each of the first and 
second parameters being involved in the synchronization of the key stream. 

7. The system of claim 6 wherein the first communication parameter is a
first coder/decoder that compresses/decompresses the voice packets, and the second 
communication parameter is a second coder/decoder that compresses/decompresses the voice 
packets. 

8. The system of claim 6 further comprising a synchronization source for
synchronizing and enabling decryption of the voice packets at the remote location.

9. The system of claim 8 wherein the synchronization source is a time
stamp on a voice packet.

10. The system of claim 9 further comprising a new time stamp sequence
generated when the second Real Time Protocol key stream is generated.


11. The system of claim 6 wherein the second key stream is generated by
re-executing the following key derivation function:

F(S, "End-End RTP Key Change <N>")

where N is a counter incremented whenever a new set of Real Time Protocol
keys is re-derived for the same media stream session;

F( ) is a one-way pseudo-random function used for the purpose of key
derivation;

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);
and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.

12. The system of claim 6 wherein the second key stream is generated by
re-executing the following key derivation function:

F(S, SSRC, "End-End RTP Key Change <N>") where:

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);

SSRC is the synchronization source session identifier;

N is the counter of the number of key changes for the same SSRC value; and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.
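
Added example (not part of the claims and not the applicant's code): the key derivation function recited in the two preceding claims, sketched in Python, showing that a restarted time stamp sequence repeats the key stream unless the key is re-derived with an incremented N. HMAC-SHA256 standing in for F(), the 4-byte SSRC encoding, the toy key stream generator and all sample values are assumptions.

```python
import hashlib
import hmac
from typing import Optional

LABEL = "End-End RTP Key Change {n}"  # label from the claims; <N> is ASCII decimal


def derive_rtp_key(secret: bytes, n: int, ssrc: Optional[int] = None) -> bytes:
    """F(S, label) or F(S, SSRC, label); HMAC-SHA256 is an assumed stand-in for F()."""
    msg = LABEL.format(n=n).encode("ascii")
    if ssrc is not None:
        msg = ssrc.to_bytes(4, "big") + msg  # assumed encoding: 32-bit SSRC, big-endian
    return hmac.new(secret, msg, hashlib.sha256).digest()


def keystream(key: bytes, timestamp: int, length: int) -> bytes:
    """Toy key stream positioned by the RTP time stamp (assumed construction)."""
    out = b""
    block = 0
    while len(out) < length:
        pos = timestamp.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, pos, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo():
    secret = bytes(range(32))                # constructed shared secret S
    ssrc = 0x1234ABCD                        # constructed SSRC
    before = b"codec-A voice frame payload"  # constructed plaintexts, equal length
    after = b"codec-B voice frame payload"
    k_old = derive_rtp_key(secret, 1, ssrc)  # counter values are constructed
    k_new = derive_rtp_key(secret, 2, ssrc)  # N incremented for the key change
    # The time stamp sequence restarts at 0 after the codec switch.
    c_before = xor(before, keystream(k_old, 0, len(before)))
    c_reused = xor(after, keystream(k_old, 0, len(after)))    # same key, no re-derivation
    c_rekeyed = xor(after, keystream(k_new, 0, len(after)))   # key re-derived with new N
    leaks = xor(c_before, c_reused) == xor(before, after)     # key stream cancels out
    hidden = xor(c_before, c_rekeyed) != xor(before, after)
    decrypts = xor(c_rekeyed, keystream(k_new, 0, len(after))) == after
    return leaks, hidden, decrypts


if __name__ == "__main__":
    print(demo())
```
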


13. A method for securely transmitting Real Time Protocol voice packets
from a local to a remote location via a communication network, the method comprising:

generating a first Real Time Protocol key stream for encrypting the voice
packets;

forwarding encrypted voice packets to the remote location;

generating a second Real Time Protocol key stream for encrypting the voice
packets in response to a request to change communication parameters for the same media
stream; and

forwarding voice packets encrypted with the second Real Time Protocol key
stream to the remote location.


14. The method of claim 13 further comprising reinitializing a time stamp
for synchronizing decryption of the voice packets. 


15. The method of claim 13 wherein the step of generating a second Real
Time Protocol key stream is by re-executing the following key derivation function:

F(S, "End-End RTP Key Change <N>")

where N is a counter incremented whenever a new set of Real Time Protocol
keys is re-derived for the same media stream session;

F( ) is a one-way pseudo-random function used for the purpose of key
derivation;

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);
and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.

16. The method of claim 13 wherein the step of generating a second Real
Time Protocol key stream is by re-executing the following key derivation function:

F(S, SSRC, "End-End RTP Key Change <N>") where:

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);

SSRC is the synchronization source session identifier;

N is the counter of the number of key changes; and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.

17. In a communication system having a gateway receiving
communication sessions from two or more multimedia terminal adapters, a method for
securely exchanging voice packets between the multimedia terminal adapters and the
gateway, the method comprising:

generating a first Real Time Protocol key stream for encrypting the voice
packets;

forwarding the voice packets encrypted with the first Real Time Protocol key
stream to the gateway;

generating a second Real Time Protocol key stream for encrypting the voice
packets in response to a collision detection wherein the multimedia terminal adapters have
the same source identifier; and

forwarding voice packets encrypted with the second Real Time Protocol key
stream to the remote location.

The method of claim 17 wherein the step of generating a second Real
Time Protocol key stream is by re-executing the following key derivation function:

F(S, SSRC, "End-End RTP Key Change <N>") where:

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);

SSRC is the synchronization source session identifier;

N is the counter of the number of key changes; and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.

18. A system for securely transmitting voice packets during a 
communication session from a local location to a remote location over a communication 
network, the system comprising: 

a means for generating a first key stream at the local location; 

a means for encrypting the voice packets using at least a portion of the first 
key stream to form encrypted voice packets; 

a means for forwarding the encrypted voice packets from the local location to 
the remote location; 

a means for generating the first key stream at the remote location in order to 
decrypt the encrypted voice packets; and 

a means for decrypting the encrypted voice packets using the first key stream, 
wherein both means for generating are capable of generating a second key stream to prevent 
reuse of any portion of the first key stream during the communication. 


The system of claim 19 wherein the second key stream is generated 
when the system wishes to switch from a first to a second coder/decoder for 
compression/decompression of the voice packets. 

The system of claim 19 wherein the second key stream is generated by
re-executing the following key derivation function:

F(S, "End-End RTP Key Change <N>")

where N is a counter incremented whenever a new set of Real Time Protocol
keys is re-derived for the same media stream session;

F( ) is a one-way pseudo-random function used for the purpose of key
derivation;

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);
and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.

The system of claim 19 wherein the second key stream is generated by
re-executing the following key derivation function:

F(S, SSRC, "End-End RTP Key Change <N>") where:

S is a shared secret - a random value shared between the two endpoints and is
known only to those two endpoints and possibly a trusted server (e.g. gateway controller);

SSRC is the synchronization source session identifier;

N is the counter of the number of key changes; and

"End-End RTP Key Change <N>" is a label that is used as a parameter to the
key derivation function F(), <N> stands for an ASCII representation of a decimal number,
representing a counter.


The system of claim 19 further comprising a means for synchronizing
the voice packets.